From: Ingo Molnar <mingo@kernel.org>
To: Thomas Garnier <thgarnie@google.com>
Cc: "Martin Schwidefsky" <schwidefsky@de.ibm.com>,
	"Heiko Carstens" <heiko.carstens@de.ibm.com>,
	"David Howells" <dhowells@redhat.com>,
	"Arnd Bergmann" <arnd@arndb.de>,
	"Al Viro" <viro@zeniv.linux.org.uk>,
	"Dave Hansen" <dave.hansen@intel.com>,
	"René Nyffenegger" <mail@renenyffenegger.ch>,
	"Andrew Morton" <akpm@linux-foundation.org>,
	"Kees Cook" <keescook@chromium.org>,
	"Paul E . McKenney" <paulmck@linux.vnet.ibm.com>,
	"Andy Lutomirski" <luto@kernel.org>,
	"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
	"Nicolas Pitre" <nicolas.pitre@linaro.org>,
	"Petr Mladek" <pmladek@suse.com>,
	"Sebastian Andrzej Siewior" <bigeasy@linutronix.de>,
	"Sergey Senozhatsky" <sergey.senozhatsky@gmail.com>,
	"Helge Deller" <deller@gmx.de>, "Rik van Riel" <riel@redhat.com>,
	"John Stultz" <john.stultz@linaro.org>,
	"Thomas Gleixner" <tglx@linutronix.de>,
	"Oleg Nesterov" <oleg@redhat.com>,
	"Stephen Smalley" <sds@tycho.nsa.>
Subject: Re: [PATCH v3 2/4] x86/syscalls: Specific usage of verify_pre_usermode_state
Date: Sat, 11 Mar 2017 10:42:00 +0100
Message-ID: <20170311094200.GA27700@gmail.com>
In-Reply-To: <20170311000501.46607-2-thgarnie@google.com>


* Thomas Garnier <thgarnie@google.com> wrote:

> Implement specific usage of verify_pre_usermode_state for user-mode
> returns for x86.
> ---
> Based on next-20170308
> ---
>  arch/x86/Kconfig                        |  1 +
>  arch/x86/entry/common.c                 |  3 +++
>  arch/x86/entry/entry_64.S               | 19 +++++++++++++++++++
>  arch/x86/include/asm/pgtable_64_types.h | 11 +++++++++++
>  arch/x86/include/asm/processor.h        | 11 -----------
>  5 files changed, 34 insertions(+), 11 deletions(-)
> 
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 005df7c825f5..6d48e18e6f09 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -63,6 +63,7 @@ config X86
>  	select ARCH_MIGHT_HAVE_ACPI_PDC		if ACPI
>  	select ARCH_MIGHT_HAVE_PC_PARPORT
>  	select ARCH_MIGHT_HAVE_PC_SERIO
> +	select ARCH_NO_SYSCALL_VERIFY_PRE_USERMODE_STATE
>  	select ARCH_SUPPORTS_ATOMIC_RMW
>  	select ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT
>  	select ARCH_SUPPORTS_NUMA_BALANCING	if X86_64
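Review bot: the symbol selected here, ARCH_NO_SYSCALL_VERIFY_PRE_USERMODE_STATE, reads as an opt-out of the check, yet this very patch adds verify_pre_usermode_state() calls to the x86 exit paths; the commit message ("Implement specific usage of verify_pre_usermode_state for user-mode returns for x86") should say explicitly that selecting it turns off the generic call site because the architecture performs the check itself, otherwise a reader of Kconfig alone will conclude x86 skips it. Separately, the diffstat says "5 files changed" but lists only four files, so please check that the posted patch is complete.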
> diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
> index 370c42c7f046..525edbb77f03 100644
> --- a/arch/x86/entry/common.c
> +++ b/arch/x86/entry/common.c
> @@ -22,6 +22,7 @@
>  #include <linux/context_tracking.h>
>  #include <linux/user-return-notifier.h>
>  #include <linux/uprobes.h>
> +#include <linux/syscalls.h>
>  
>  #include <asm/desc.h>
>  #include <asm/traps.h>
> @@ -180,6 +181,8 @@ __visible inline void prepare_exit_to_usermode(struct pt_regs *regs)
>  	struct thread_info *ti = current_thread_info();
>  	u32 cached_flags;
>  
> +	verify_pre_usermode_state();
> +
>  	if (IS_ENABLED(CONFIG_PROVE_LOCKING) && WARN_ON(!irqs_disabled()))
>  		local_irq_disable();
>  
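Review bot: prepare_exit_to_usermode() is the common return path for interrupts and exceptions as well as for slow-path syscalls, so the verify_pre_usermode_state() call added at its top runs on every return to user mode, not only on syscall return as the commit message and the entry_64.S comment ("the same check is done under the slow path through syscall_return_slowpath") suggest; either document that this wider coverage is intended or move the call into syscall_return_slowpath() so the slow path matches the fast path. If it stays here, consider placing it after the CONFIG_PROVE_LOCKING irqs_disabled() check that follows, so the new call runs with the IRQ state the function asserts.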
> diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
> index d2b2a2948ffe..04db589be466 100644
> --- a/arch/x86/entry/entry_64.S
> +++ b/arch/x86/entry/entry_64.S
> @@ -218,6 +218,25 @@ entry_SYSCALL_64_fastpath:
>  	testl	$_TIF_ALLWORK_MASK, TASK_TI_flags(%r11)
>  	jnz	1f
>  
> +	/*
> +	 * Check user-mode state on fast path return, the same check is done
> +	 * under the slow path through syscall_return_slowpath.
> +	 */
> +#ifdef CONFIG_BUG_ON_DATA_CORRUPTION
> +	call	verify_pre_usermode_state
> +#else
> +	/*
> +	 * Similar to set_fs(USER_DS) in verify_pre_usermode_state without a
> +	 * warning.
> +	 */
> +	movq	PER_CPU_VAR(current_task), %rax
> +	movq	$TASK_SIZE_MAX, %rcx
> +	cmp	%rcx, TASK_addr_limit(%rax)
> +	jz	1f
> +	movq	%rcx, TASK_addr_limit(%rax)
> +1:
> +#endif
> +
>  	LOCKDEP_SYS_EXIT
>  	TRACE_IRQS_ON		/* user mode is traced as IRQs on */
>  	movq	RIP(%rsp), %rcx
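Review bot: the "1:" local label introduced in the #else branch breaks the existing "jnz 1f" two lines above the hunk: GNU as resolves "1f" to the nearest following definition of label 1, so when _TIF_ALLWORK_MASK work is pending the jump now lands on the new label and falls straight through to the SYSRET fast-path return instead of reaching the slow path further down. Use a label that does not collide (a named local label, or a different number) or restructure so no numeric "1:" sits between "jnz 1f" and its intended target. Also, the #else path rewrites TASK_addr_limit with no diagnostic, so without CONFIG_BUG_ON_DATA_CORRUPTION the fast path silently hides exactly the corruption the series is meant to detect; consider branching a mismatch to the slow path so that verify_pre_usermode_state() can warn, rather than duplicating its logic in assembly.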

Ugh, so you call an assembly function just to ... call another function.

Plus why is it in assembly to begin with? Is this some older code that got
written when the x86 entry code was in assembly, and never properly
converted to C?

Thanks,

	Ingo
